NAT-T is a standard phase of the IKE process, so it should also work with a static cryptomap, but Cisco and Check Point by default use different ports to encapsulate ESP, so you must configure the same ports...

paolo

From: doc Master <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Subject: Re: [FW-1] [SUSPECTED SPAM] Re: [FW-1] [SUSPECTED SPAM] Site to Site VPN and NAT-T
Date: Mon, 19 Feb 2007 23:08:16 -0300

Cisco will NAT-T with any standard device. I have an IOS box acting as VPN
concentrator for remote Linux boxes using OpenSwan. They all do NAT-T. At
the Cisco, you will have to configure dynamic cryptomaps instead of
traditional static ones. Also, the concentrator will not be able to start
the IPSec connections if there is no static/forward NAT at the remote site
to forward packets to your box. If this is no problem for you, a NAT hide
will be all that you need.

On 2/9/07, André L. <[EMAIL PROTECTED]> wrote:

OK. We do just some NAT on the border device (IOS_router) and open the
needed ports udp/500 (IKE), ESP and udp/4500 (NAT-T).

Without NAT-T (in case of Cisco on the remote site) no tunnel can be
established. Right?



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

